Tag Archives: IE

CVE-2009-3555: Safari not yet patched ???

The other day I was shocked to find this entry in my Apache logs:

[error] SSL Library Error: 336068931 error:14080143:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled

It occurs appears when I try to use a SSL client certificate with Safari. Of course, authentication is broken as it just fails on an 403 error page.

So it seems that Safari is the last browser which was not patched against CVE-2009-3555 !

2009 !! At least, I quickly checked the other browsers I had around and they were fine: IE, Firefox, Chrome… I am having an issue with Opera also, but although I have not identified the problem yet, it seems unrelated (and does not throw the same error).

Note that I reported the issue to Apple, but I did not receive any answer. Silence on the wire.

FFFjacking

FFFjacking is new web browser hacking technique discovered by Roman Kümmel (aka .cCuMiNn.).

Even though it requires a little of social engineering, it is quite dangerous. Yet another string to add to the bow.

Anti-IE 6 campaign

I found this initiative, apparently started in Sweden, quite funny but also educative.

So I just set up the Shockingly Big IE6 Warning plugin in this blog.

Then I became curious and checked the stats of this site :

So there is still about 9% of our visitors that are running IE 6 and 3% using some rather outdated versions of Firefox.

And, my god, I would have never imagined that Netscape would appear in the list !

Yes, there is still a lot of work to do about security awareness among users.

Phocean.net

Computer Security Blog

Tag Archives: IE

CVE-2009-3555: Safari not yet patched ???

Anti-IE 6 campaign